Author: admin

The key to compliance success – accountability

By William J. Showalter, CRCM; senior consultant, Young & Associates

The financial industry recognizes compliance as a high-risk function. Failure to manage it effectively can result in high costs to an institution, as witnessed by many supervisory enforcement actions and fair lending settlements over the years.

Compliance management is an important element of an institution’s overall risk management efforts. It makes sense for line managers—those whose operations generate either compliance or noncompliance—to “own” compliance, just as they do all other elements of the institution’s overall risk. To make compliance management work effectively and efficiently, senior management must give line personnel the tools to succeed at compliance and hold them responsible for their results.

When senior management establishes accountability and all staff believe in it, and when the institution measures compliance performance in a meaningful way, the institution can achieve positive compliance results.

As with other aspects of compliance management, identifying and categorizing levels and types of compliance risks are critical to both efficient operations and effective outcomes in any system of enforcing accountability.

Noncompliance as risk

Over a decade ago, the federal agencies made a fundamental shift in the way they examine financial institutions for compliance within their overall examination process, moving to a risk-based methodology. Examiners design programs to focus attention on areas within financial institutions that may pose the most significant risks, including compliance.

The agencies work to promote a sound risk-management process at each regulated financial institution, one centered on the evaluation and management of risks. The agencies try to help financial institutions implement compliance programs that focus on anticipating, evaluating, managing, and communicating about key compliance risks.

“Compliance risk” means the risk to earnings or capital that arises when institutions violate or fail to conform with laws, rules, regulations, prescribed practices, or ethical standards.

The agencies’ examination procedures provide that compliance risk can damage an institution through any or all of the following consequences:

  • Regulatory or judicial fines and penalties
  • Payments of damages to aggrieved parties
  • Voiding of contracts
  • Diminished reputation
  • Reduced franchise value (due to monetary and reputation losses or penalties)
  • Diminished business opportunities
  • Lessened expansion potential (e.g., when fair lending or Community Reinvestment Act problems delay or disallow corporate changes, mergers, or acquisitions)

The supervisory agencies recognize that an important element in avoiding these risks and their resultant costs is an effective accountability system, where institution staff feel they own their pieces of the overall program.

Establishing accountability

A solid design must form the foundation of an effective accountability system. The system needs a few key elements to succeed: management commitment, appropriate training and communication for all staff, regular and independent performance testing, and consistent enforcement of responsibility.

  • Management commitment. Solid support from both the board of directors and senior management is vital to the success of any compliance (or other) management function. It should also be seen as in their best interests since the risks and penalties for noncompliance are tremendous, and the board and management are the ones ultimately responsible for the compliance (and other) performance of the institution. Management and the board need to understand the true importance of compliance – it is not a job to be relegated to one person, or a small group, and ignored by everyone else. “Everyone else” includes the ones who drive the institution’s compliance performance, and they must be given the tools to succeed at it and be held accountable for their results.
  • Training and communication. Training is the foundation for effective compliance, and effective accountability, since employees cannot be expected to comply with the plethora of laws and regulations that impact banking today if they have not been given appropriate instruction as to what is required of them. In structuring a compliance training program, the first step is a needs assessment – types of products and services offered, current level of staff knowledge, problems identified in audits and examinations, and so forth. The goal of the compliance training is to provide line officers and other staff with the information they need to produce positive compliance results in their particular area or job. It is not to be an exercise in information overload. Therefore, the person in charge of training (whether classroom, online, etc.) needs to scope out the proper laws and regulations to be covered, how to tie these rules in to the institution’s functions, what media and tools to use, and so forth. Communication of compliance information on a regular basis is an important complement to the “regular” training. It helps keep staff aware of changes in the compliance rules and expectations, as well as keeping compliance issues on their “radar screens.”
  • Testing. A good compliance internal review program – both periodic audits and ongoing monitoring – can serve several goals. These include giving an early warning of problems, providing a defense against litigation, and meeting regulatory expectations, in addition to furnishing measurements of department/area or individual performance.
  • Enforcement. Without consistent enforcement of accountability for compliance performance, all the other elements are pretty much for naught. If individual line managers and other personnel are “let off the hook” for poor compliance performance because, for example, of high loan production volume, then the system likely will fail.

Making it work

Human nature being what it is, there need to be incentives for good compliance performance and, perhaps more importantly, disincentives for poor results. If management does not hold all staff to the same standards, then any calls for strong results and performance will ring hollow. Employees who the institution continues to hold to proper standards will begin to resist, since management expects them to meet measures that others do not. Such a “program” is unfair and cannot succeed.

Institutions should factor compliance performance elements into job descriptions, performance evaluations, and incentive pay. It needs to be clear that line managers are ultimately responsible and accountable for compliance performance in their areas, and that compliance is an explicit part of everyone’s job.

If there are line managers who cannot or will not take responsibility for their own or their area’s compliance performance and, therefore, expose the institution to risk, the institution should send them packing and replace them with managers who are positive about compliance issues and willing to take on this important obligation.

Otherwise, the institution has to pay for expensive, redundant processes to check the work of that person(s) or area and fix their errors. Running such a “fix-it” shop is not the efficient route to take in managing compliance. When management establishes and enforces accountability, it can achieve the lowest-cost compliance — compliance embedded in normal operations rather than added on after the fact — with everyone working to get it right the first time.

Management can use an accountability matrix as a tool to run an accountability system. Institutions can customize the matrix to fit their specific situation, structure, and needs. The matrix helps management ensure that someone or some area takes responsibility for each compliance rule or issue that affects its lines of business. It should spell out the rules or issues, who is responsible for them, which areas they impact, and so forth.

Conclusion

Accountability for compliance performance – good or bad – is essential for an institution’s success in effectively managing its compliance function. Properly structured and enforced, a strong accountability program helps ensure cost-effective positive compliance results.

The CFPB and other compliance trends

By Bill Elliott, CRCM; director of compliance education, Young & Associates

The White House announced in April 2025 that its goal was to reduce the number of employees in the CFPB by about 88 percent, to 207 positions, but that decision was blocked by the courts. The decision also resulted in a lawsuit brought by the CFPB employees’ union, but since the “One Big Beautiful Bill Act” cut the CFPB funding by about half, even if the union prevails, it is unlikely that all employees will return to work.

During the first year of the Trump administration, the CFPB removed approximately 70 pronouncements. Many of those were out of date, archaic, and no longer useful. But some of them were protections that were proposed and finalized during the latter days of the Biden administration. However, they were never actually enforced.

Overdraft fees

One form of relief that consumers lost was a limit on overdraft fees. This has been an ongoing discussion for many years between those who believe it was unfair that lower-income individuals paid the majority of the overdraft fees and others who believe that the culprit is financial mismanagement by consumers. The Biden CFPB finalized the overdraft regulation in 2024, but Congress overturned the regulation last year. This effectively eliminated this discussion for now.

Credit cards

The CFPB also tried to cap the amount of money consumers pay to credit card companies for late charges. The proposed limit for many would have been $10. The regulation was blocked by a federal court last year. The CFPB, under the control of the Trump administration, decided not to fight the matter in court.

Lawsuits

The CFPB also withdrew several lawsuits.

We will mention two examples.

  1. The CFPB sued Capital One in January 2025 for $2 billion. It alleged that Capital One had misrepresented the interest rate paid on its savings accounts to customers. That lawsuit was dismissed.
  2. The CFPB also sued Early Warning Systems (EWS), the company that runs the money transfer service Zelle, in December 2024 for $870 million, alleging that EWS and the banks that operate Zelle were negligent in protecting consumers from fraud and scams. That lawsuit was also dismissed last year.

Complaints

There has also been a slowdown in the number of complaints resolved by the CFPB. The CFPB runs its own consumer complaint database, where a consumer can allege wrongdoing by their bank or financial services company and the CFPB will act as intermediary between the consumer and financial company to resolve the complaint. Under the Biden CFPB, roughly half of all consumer complaints were resolved with relief for the consumer, while under the Trump CFPB, that figure has dwindled to less than 5 percent, largely due to the staffing issues discussed above.

Compliance examinations

Following the CFPB lead, the prudential regulators (OCC, Federal Reserve, and FDIC) have all indicated (with some differences) that they are going to be changing the methods for compliance examinations. Future examinations will likely be more risk focused.

Since the regulators are going to be more targeted in their approach, they are essentially relying on banks to police other areas of compliance themselves. The examiner will likely spend more time reviewing your compliance program, and especially your compliance audit program, to assure it is functioning appropriately.

Banks must adjust accordingly, and compliance audit will (at least for some banks) need to be improved. Whether your compliance auditor/reviewer is internal or external, you need to assure that you do not get so relaxed that when the regulators do appear, you pay the price of not being properly prepared.

Time between examinations

The time in between examinations is also likely to increase. For the regulators, this will allow them to review banks using fewer examiners.

While that appears to be a “win” for banks, banks need to be careful. For instance, should you receive a “needs to improve” or “substantial noncompliance” CRA rating, you may have to live with the negative consequences of that rating for longer periods of time.

Conclusion

As you’re reviewing your compliance program, assure that all necessary pieces are in place, including compliance review/audit. It is unlikely that there will be many new regulations in the next few years. This should allow banks to ensure that they are in full compliance with the regulations that exist.

The importance of floor plan audits for lending institutions

By Wendy Dancer; consultant, Young & Associates

Auditing your institution’s Floor Plan borrowers can seem like a tedious and time-consuming task. Workload is already heavy, weather is bad and frankly, who has the time to go out and touch hundreds of cars, motorcycles and boats? Your borrower is doing fine… until they are not.

As an example of a cautionary tale, I was personally involved in a Floor Plan audit that “seemed off”. The used car lot dealer was paying off vehicles on the line as expected, when it was discovered that the subject automobiles were still physically on the lot. Then mysteriously, the same autos would get added back to the line a month later. Long story short, the dealer had taken out a 2nd floor plan line with a private finance company. Vehicles were not getting sold; rather, the Floor Plan lines were being treated as a shell game to hide business decline.

This was the red flag that tipped us off on much larger business issues, which sadly ended in the dealership closure and a work-out loan situation for our institution. Below is an overview of why skipping Floor Plan audits is not in your institution’s best interest and a way to avoid the above scenario.

What are floor plan audits?

A Floor Plan audit is a physical verification of financed inventory. Auditors confirm that units pledged as collateral exist, are located where reported, and match lender records in terms of serial numbers, condition, and status (new, used, sold, or in transit). These audits may also include reviews of sales documentation, titles, and payoff activity.

Risk mitigation and collateral protection

Floor Plan lending is essentially asset-based lending. If inventory disappears, is sold out of trust, or is inaccurately reported, the lender’s collateral position is immediately compromised.

Regular audits help:

  • Detect missing, sold-out-of-trust, or misrepresented units early
  • Verify that financed inventory aligns with borrowing base reports
  • Reduce the likelihood of large, undiscovered losses

Early detection is critical. Identifying discrepancies after weeks or months can significantly increase loss severity.

Fraud detection and deterrence

Floor Plan audits act as both a detection mechanism and a deterrent. The knowledge that audits are conducted regularly discourages intentional misreporting, double flooring, or concealment of sales proceeds. Auditors can uncover red flags such as altered VINs, falsified documentation, or repeated delays in payoff—often before fraud escalates.

Portfolio monitoring and credit quality

Audits provide lenders with real-time insight into dealer operations and financial health. Patterns observed during audits—such as chronic shortages, poor recordkeeping, or inventory aging—can signal deeper issues like cash flow stress or operational weakness.

This information allows lenders to:

  • Adjust credit limits or terms proactively
  • Increase monitoring on higher-risk accounts
  • Make informed renewal or exit decisions

In this way, Floor Plan audits serve as an early warning system rather than just a compliance exercise.

Regulatory and policy compliance

Many lending institutions are subject to internal policies, investor requirements, and regulatory expectations related to collateral verification and risk management.

Consistent Floor Plan audits help demonstrate:

  • Sound underwriting and ongoing credit administration
  • Adherence to internal risk management standards
  • Responsible stewardship of depositor or investor funds

Well-documented audits also provide defensible support in the event of disputes, charge-offs, or regulatory reviews.

Strengthening dealer relationships

While audits are often viewed as intrusive, when handled professionally they can strengthen lender-dealer relationships. Clear expectations, consistent audit schedules, and transparent communication help reinforce accountability on both sides. Audits can also surface operational inefficiencies at the dealer level, creating opportunities for corrective action before problems become critical.

Adapting to a changing lending environment

As floorplan portfolios grow more complex—with multi-location dealers, mixed inventory types, and rapid turnover—audits remain one of the few ways to independently validate data. Hybrid and technology-assisted audits now allow lenders to balance thorough oversight with efficiency, making regular verification more practical than ever.

Conclusion

Floor Plan audits are not merely a back-office function. They are a cornerstone of prudent Floor Plan lending. By verifying collateral, deterring fraud, monitoring credit quality, and supporting compliance, audits protect both lenders and their dealer partners. In an environment where inventory values are high and margins can shift quickly, consistent and well-executed floorplan audits are essential to sustainable, profitable lending.


Consistent, independent audits are key to protecting collateral and ensuring sound portfolio management. Young & Associates provides lending process review services to help institutions strengthen oversight and maintain credit confidence. Additionally, Y&A Credit Services provides ABL field exams that give lenders a clear, objective view of collateral strength.

AI technology in the workplace

By Bill Elliott, CRCM; director of compliance education, Young & Associates

We have recently been made aware of new artificial intelligence (AI) technology that may create additional risk for banks. Apparently, a bank employee had a pair of glasses that doubled as an AI recording device. These glasses were worn to work and were capable of recording private conversations without anyone’s knowledge. It is unclear whether the glasses included video, but that of course is possible. This new technology is being used for a variety of purposes and is continuing to develop.

This is a compliance issue regarding privacy of customer information. If the glasses have a camera and, thus, can “see” and perhaps “record” computer screens of customer information and other bank information, there is potential for substantial increases in your risk under the privacy regulations.

There are also state and federal laws to take into consideration, depending on how the glasses are used. In any case, it is advisable to speak with your bank’s attorney on how to address and handle this new AI technology, as your current human resources (HR) and/or ethics policies likely do not address this issue.

We also recommend that you consider any other changes that may be necessary, as all institutions are going to be facing other manifestations of AI in the not too distant future.

This AI technology may not be in use at your bank yet. However, it is only a matter of time before it will be.

The benefits of asset-based lines of credit for contractors and lenders

By Patrick Lilly; senior consultant, Young & Associates

Asset-Based Loans (ABL)

Asset-Based Loans (ABLs) are usually structured as revolving lines of credit that are secured by the borrower’s current assets. The amount of credit made available is determined by the quality and value of the collateral, which is usually accounts receivable, inventory and sometimes equipment and real estate, depending on industry risk.

In this article, we will focus on General Building and Engineering Contractors, Trades Sub-Contractors, and construction-related services providers having current asset concentrations in accounts receivable. These types of businesses typically experience large swings in cash flow while awaiting progress payments or final payments on contracts, goods supplied, and services rendered. The ABL line of credit provides interim working capital to these companies. This helps to smooth out the peaks and valleys of payments received from their customers.

How it Works

Working with a pre-determined loan limit based on actual and projected needs, borrowers can access a percentage of the value of their pledged assets, depending on the current certified value of those pledged assets.

These loans require a close level of monitoring. The frequency is determined by the size of the loan and industry risk, and usually entails monthly or quarterly reporting requirements on the company’s financial status. The reporting usually consists of a financial statement; accounts receivable and accounts payable agings of even date; a certification from the company’s responsible financial officer; and a borrowing base certificate (BBC), which sums up the amount of credit available based on the asset values.

Prudent Underwriting Guidelines

Loan Amount:

  • Starting with the requested amount of loan, a thorough analysis of the projected cash flow needs of the borrower should be undertaken. An improper loan limit can spell problems for both the contractor and the financial institution. If too little of a limit is approved, the contractor can run short of necessary working capital. This can create a negative effect on performance. Too much of a limit approved invites spending on fixed assets due to the relative ease in access to the loan proceeds and a sizable unused commitment impairs the financial institution’s overall lending and earnings capacity.
  • Accounts receivable aging reports are an absolute necessity for this type of financing. Carve-outs based on the age and/or nature of a receivable are predetermined as conditions of the eligibility of any particular account receivable. Typical carveouts are the exclusion of any AR over 90 days aged, the elimination of any intra-company or employee receivable and the elimination of receivables that are concentrated with one customer which total more than 15-20 percent of the total amount of receivables.

Reporting Requirements:

  • The borrower is typically required to report on a monthly or quarterly basis. The nature of the reporting should consist of:
    • A current (less than 30 days aged) monthly or quarterly financial statement
    • Accounts receivable detailed aging of even date and balance as indicated on the financial statement.
    • Accounts payable detailed aging of even date and balance as indicated on the financial statement.
    • A BBC supplied on a form approved by the lender that mirrors the information on the agings, subtracts ineligible ARs and taxing authority payables, states the balance on the loan and the amount available to draw on the loan. This form should be completed, signed and dated by the authorized borrower representative.

Audit requirements:

  • On larger and more complex borrowings, the lender needs to impose strict reporting requirements to protect the interests of the lender. This usually consists of:
    • Reviewed quality or better financial statements from the borrower due bank on an annual basis. (Usually no more than 90 days after the prior YE period)
    • Internally prepared and attested financial statement from the borrower on a monthly or quarterly basis. (Due lender no more than 30 days from the prior month or quarter ending period)
    • Depending upon the size, complexity and nature of the borrower, the lender may require a periodic field audit conducted by a qualified third party inspection firm as outlined in the Asset Based Loan Agreement. This audit reconciles the financial statement with the schedule of accounts receivable and payable, inventory activities and the most recent BBC. Such audits are integral to maintaining the integrity of the borrower relationship. They also protect the bank’s investment in the credit and its collateral position.

Other conditions:

  • The lender should consider CAPEX usage restrictions on proceeds of the line.
  • While ABL RLOCs rely on the cash conversion cycle for repayment, minimum pre and post distribution EBITDA DSCR covenants in combination with other standard C&I lending covenants such as minimum working capital or current ratio are prudent.
  • The borrower’s key suppliers should be contacted for credit reference.
  • Governmental contracting can result in extended terms. That may impair the bank’s ability to exercise assignment rights to receive direct payment in a collection action.

ABL financing can lead to a fuller relationship with a borrower. This can be beneficial to both the borrower and the lender. If managed and monitored properly, these types of loans can be valuable and profitable assets to the lender. It can then result in long term and expanding relationships.


SVB lawsuit reinforces the cost of weak model assumptions

By Michael Gerbick; president, Young & Associates

Last year the FDIC filed a lawsuit against 17 former executives and board directors of Silicon Valley Bank (SVB) for alleged negligence and breach of fiduciary responsibility, which led to the collapse in March 2023. We all know what happened with SVB and the other institutions that failed around this time in 2023.

I reviewed the FDIC’s lawsuit again this year, given the current rate environment. A particular section of the lawsuit sticks out to me on assumption adjustments extending the average life of deposits and resulting EVE at risk after the adjustment.

“As reported in a May 24, 2022, presentation to the Asset Liability Management Committee, SVB’s officers implemented this plan by changing the curtailment assumption from 5.5 to 12 years…. Without any valid justification for the change.”

Why you need to justify your model assumptions

Many ALM and Liquidity models continue to improve with the integration of institutions’ core systems and considering additional details of your assets and liabilities. The institution’s model assumptions and governance remain critical to the reliability of the model’s forecasts. Model assumptions should be supported, reasonable, and appropriate. Strong governance also includes documentation of model development and validation that is sufficiently detailed to allow parties unfamiliar with a model to understand how the model operates, as well as its limitations and key assumptions. Assumptions reflect our prediction of customer behavior. Because behaviors can change quickly, institutions should review assumptions regularly. A method to identify risk is to stress these assumptions.

Specific to liquidity modeling and deposits, I want to dive into a few assumptions for stress testing. As we have exited the pandemic environment of zero rates and the rapid hike of 550 bps, we learned a considerable amount regarding customer behaviors. First and foremost, assumptions that modelers applied to historic trends may not translate the same way today. The rate increases and available technology created an environment where savvier depositors now demand a higher rate of return on what institutions once viewed as less price-sensitive core deposit categories.

Regarding liquidity, institutions had to provide more competitive pricing on their non-maturities, different products (perhaps CDs with higher rates of return), or experience runoff and leverage wholesale funding at a higher rate than they were accustomed to with the core deposit. Historic customer behavior trends of the past are a key component, but not the only component for developing assumptions to the models.

That rate environment is in the past, but the savvy customer remains in today’s environment. The deposit composition at many institutions changed. Customers are comfortable leveraging technology to move money in and out of an institution to a more favorable situation, no longer assumed to be as loyal as they once were. It is not a conclusion that behaviors experienced in 2020-2023 will remain, but it is prudent to consider the technologies available today and this history in how institutions establish model assumptions and stress testing. The stress tests should reflect the specific institution, risk profile, and hypothetical scenarios.

A set of valuable stress levers for consideration are:

  • Runoff by deposit type and customer (if available). Historic trends may be helpful for a baseline, but the rate environments these trends may be based on could be from 5+ years ago.
    • Regulators encourage institutions to review and stress the rate of runoff. More competitors exist today in local markets with online banks, fintech and brokerages. Consider various product types and how customers may react under various stresses. Scenarios may include only retaining a percentage of CD balances, and Money Market runoff may be different than that of Savings accounts or Large Uninsured Deposits. If the institution has the ability to review customer-level behavior focused on movement between accounts, it may be able to incorporate insights into the overall stress tests. Strategic plans may follow the insights gained from the stress tests.
    • Leverage the customer level behavior knowledge for strategies to provide more valuable products and services, consider digital marketing efforts (and partners), consider total relationship (deposits) when a new lending relationship develops.
  • Access to Wholesale Funding.
    • Consider haircuts on availability or inability to access lines of credit from providers. Consider stress scenarios in which management cannot access brokered deposits they rely on to offset core deposit runoff.
    • Some institutions have agreements in place but do not regularly leverage wholesale funding. Testing these lines (at least) annually helps ensure personnel know how to quickly access the funds, minimizing risk of disruption when it comes time to leverage them.

The lawsuit above accuses SVB of adjusting its assumptions without justification. I encourage you to review and stress yours. Customer behaviors can change swiftly. Reviewing what customers are doing today at your institution and thinking through the impact those behaviors may have on your liquidity if they remain stable and what risks appear should those behaviors become more severe could provide you with useful information you can use today to protect your bank tomorrow.

I’m interested in how your institution establishes assumptions and stress test scenarios. I would welcome any conversation on this topic. You can email me at mgerbick@younginc.com with any thoughts!


Reviewing and stress‑testing your assumptions is key to managing liquidity risk. Young & Associates can help your institution strengthen its liquidity framework and meet evolving regulatory expectations. If we can assist your institution in these areas, contact us today.

Do I have to be a GENIUS to understand Stablecoin?

By Michael Gerbick; president, Young & Associates

In July 2025, the GENIUS Act was signed into law. With it came comprehensive regulatory guardrails for stablecoins and stablecoin providers. The law’s passage drew widespread attention from financial institutions. If you find yourself asking, ‘How does stablecoin apply to my community bank?’, you are not alone. Many of our customers are learning how stablecoin might apply to them, while others have already become issuers.

Additional questions being asked include:

  • How does it impact me and my bank?
  • Where is the value for us to enter this space?
  • My customers aren’t transacting internationally. Is this still something I should consider?

Demystifying stablecoin

Cryptocurrency has been around for several years, but it’s still a new concept for many community banks. Institutions are continuing to learn how it fits within their operations and where it might create value for their customers. The goal of a stablecoin is to provide a means of payment within the digital asset ecosystem.

So what exactly is a stablecoin? It is a type of cryptocurrency that pegs its value to a real-world asset, often a traditional fiat currency like the U.S. dollar¹ (USD).

For example, one unit of a stablecoin that’s pegged to the USD should always be worth $1. Because its value is tied to a real-world asset like the USD, a stablecoin is generally less volatile than other cryptocurrencies, whose prices can fluctuate rapidly. See the chart below.

Prices of Bitcoin and USDT. These figures illustrate the fundamentally different price behavior between "traditional" cryptoassets, the largest of which is Bitcoin (top), and stablecoins, the largest of which is USDT (bottom). Source: CoinGecko via Haver.

Here are a few factors to consider as you explore the potential value of engaging with digital assets at your institution:

  • Fee income from issuing, serving as a custodian and facilitating other related transactions.
  • Lower costs and faster processing for international transactions using stablecoin.
  • Access to new markets.
  • Consider emerging businesses that prefer to leverage stablecoins and other cryptocurrencies. Although still small compared to traditional currency, total stablecoin transaction volume continues to grow, as shown in the chart below.

Stablecoin Daily Volume. The two instances that exceed the chart’s maximum were November 3, 2021 and July 29, 2022, where the daily volume approached $1 trillion dollars (at $938 and $929 billion, respectively). The first is coincident with a then all-time-high price of Bitcoin before its years-long slump (see Figure 2), but the possible causes of the second are less clear. Source: CoinGecko via Haver.

A publication from the U.S. Department of the Treasury in April 2025 lists a projection of stablecoin supply reaching $2 trillion in 2028 if velocity remains unchanged.

  • Transaction speed. Stablecoins enable 24/7/365 settlement and near-instant payments, allowing transactions outside typical community banking hours.
  • Reputation and trust. Banks are widely recognized as safe and secure because of their long history in a regulated environment and their transparent reporting practices. That trusted reputation can extend into the digital asset space as customers evaluate stablecoin issuers.

What community banks should consider

Of all the factors noted above, your institution’s reputation may be the most valuable reason to explore digital assets. Community banks are already trusted as being safe and secure with customers’ deposits and loans. Why not extend that trust into the stablecoin space and be seen as the reliable provider your community turns to?

With value comes risk, and there are many risks and challenges to consider when pursuing digital assets. Key areas include BSA/AML, liquidity, operations and technology, and evolving regulatory guidance, to name a few.

A recent FEDS Notes article discussed how increased stablecoin demand could affect bank deposits. The article explored the potential impact on traditional deposits and their levels, composition and concentration. The article largely focuses on the implications for deposit composition if demand for stablecoin increases substantially and stablecoin issuers continue to maintain their reserve assets as deposits. This could shift the bank concentration from insured retail deposits to uninsured wholesale deposits.

This shift has liquidity risk and funding cost implications. A change in composition would require adjustments to liquidity management and asset-liability matching due to the more volatile deposit base. Management of a new deposit mix may impact credit decisions related to loan size and duration. These challenges and consequences are highlighted to reinforce the potential impact on you and your community bank in the future, even if you choose not to pursue stablecoin. Please continue to monitor stablecoin adoption and consider how it may influence your community bank’s liquidity stress test scenarios as they relate to deposits.

Final thoughts

As expected, some innovative community banks that are early adopters are issuing stablecoin and leveraging this currency to provide value to the communities they serve. They have a first-mover advantage, along with the implementation and ongoing management costs and risks that come with that advantage.

Ultimately, each community bank should evaluate the digital asset landscape regularly. It may not make sense to become a stablecoin issuer or custodian today — or even in the near future. However, ignoring the shift entirely is not the right move. Be curious. Ask questions of peers and partners. Stay informed.

Your competitors are learning, and so are your customers. From a relationship standpoint, there’s no better place to be than a trusted expert who understands what stablecoin is, its potential value, and how it can be leveraged to support your customers’ growing businesses. You don’t have to be a genius to see the opportunity.

How Y&A can help

With expertise in strategic planning, interest rate risk, liquidity, and capital planning, Michael helps financial institutions strengthen their financial position. Young & Associates can help your team implement proactive asset liability management strategies that not only meet regulatory expectations but also support long-term stability and growth.

How to be an effective player in the regulatory process

By William J. Showalter, CRCM; senior consultant, Young & Associates

We have all noticed the increased level of regulatory changes over the years by the various banking supervisory agencies, encompassing changes from new or revised statutes as well as changes at the regulatory agencies themselves.

Financial institutions can and, if they have not already, should become active and effective players in the regulation-making process. The bank’s role is to educate the regulatory agencies about how proposed regulations will impact the industry so that more amenable, less onerous rules may result.

Writing an effective comment

Below are a few tips on how to effectively communicate your concerns to the regulators.

Organize your comment letter/submission for easy reference. Since the agencies often face a statutory deadline for their action and must process many comment letters, the organization of yours can be crucial to its effectiveness.

Arrange your comments to match the structure of the proposed rule to make it easier for the agency to process. Use subheadings that correspond with those of the proposal and clearly identify the sections you reference. The agency will typically have a number of people working on a proposal and will distribute relevant parts of your comments to staff attorneys and others responsible for those particular sections.

One effective way to organize your comment letter is first to summarize the points you wish to make. This allows prompt identification of the part(s) of the proposal you are addressing. Then you should spell out your points clearly, with sufficient detail to have an appropriate impact, but not so much as to make your comments less forceful.

  • Be concise. Your comment letter should only be as long as it needs to be. Do not feel that you must address every item in the proposal. A tightly written, well-organized letter that focuses on the elements that most concern the commenter, as well as any you think are particularly positive, has more impact than one that rambles through all points in the proposal.
  • Provide background. Information about the type of bank or thrift you represent can provide valuable insight and perspective for the agency. Include a brief description of your bank’s size, structure, market, and any other information that may be pertinent to the proposal.
  • Concentrate on issues over which the agency has some discretion. When the underlying statute mandates a particular provision, suggesting that the agency abandon that requirement is not practical. The agency cannot simply ignore a legislative directive. Do not suggest changes that would undermine the general intent of the law implemented by the regulation. Instead, focus on how the regulators propose to implement the law.
  • Be specific. Sweeping generalizations about the impossibility of complying with a proposed regulation are not worthwhile. The agency generally is required to implement some statutory mandate and cannot disregard that responsibility. Concentrate on operational, customer-impact, and compliance management issues. Give the perspective of your bank, rather than trying to infer what impact the proposal will have on the banking industry as a whole.
  • Make constructive comments. Give examples of problems you envision that specific sections of the proposal will cause. Explain how you feel the negative result can be avoided, or at least reduced. Do not hesitate even to rewrite a section of a proposed regulation if you think it is unclear or misses a point. Suggest a reorganization of the provisions in the proposal to make it easier to read and understand, and to apply in everyday situations.
  • Follow submission criteria. Send your comment letter or e-mail to the designated agency official, not another staff member that you know. Include the reference or docket number of the proposal in your letter to ensure proper handling. Try to follow any specific requests which facilitate processing, such as type size or spacing. Of course, mail your letter or send your e-mail in time to reach the regulator by the due date specified in the proposal. Comments may be accepted also by facsimile or personal delivery, with special instructions. Many agencies also consider comments received after the due date, but they are not obligated to do so. Also, if the agency receives a great volume of comments, late comments slow the rulemaking process.
  • Back up your position. Explain why you think difficulties are likely to occur and how the proposal would produce those consequences. Be specific and provide any facts, data, or anecdotal evidence you think will prove your point. Anecdotes can be particularly effective in helping the regulators understand the practical implications of what they are proposing. If an existing regulation is being amended, provide statistics on how much it costs your bank to comply with this particular requirement. If the proposal is a new regulation, estimated cost information would be helpful to the agency.

Try to show, when appropriate, how these costs seem to outweigh the intended benefit of the regulation to your customers or the banking industry. Impact on customers is a key issue in rulemaking by the agencies. When proposed rules are likely to curtail current or new products, reduce credit availability, cause confusion, increase costs to customers, limit access to customer contact staff or services, or have other negative effects for customers, you should raise these issues in comment letters and e-mails. While the regulator may not be able to implement your suggested change, compelling, concrete details can help them adopt your suggestion in some form.

Conclusion

Too often bankers choose not to participate in the regulation-making process. They say that they don’t have the time or the communication skills or don’t think they can make a difference. However, writing comment letters is similar to voting. If you don’t exercise the power you have, you can’t complain about the outcome. When you do comment, you can positively affect the design and development of regulations.

Explore Y&A’s suite of compliance assurance services here.

Moving beyond the FFIEC cybersecurity assessment tool

By Noah Lennon, CCSP, CISA; consultant, Anthony Kniss; IT Manager, and Brian Kienzle, CISSP, OSCP; senior consultant, Young & Associates

The Federal Financial Institutions Examination Council (FFIEC) retired the Cybersecurity Assessment Tool (CAT) on August 31, 2025, citing progress as the rationale for the change.

While acknowledging that the security controls within the CAT remain fundamentally sound, the Council has determined that, “Several new and updated government and industry resources are available that financial institutions can leverage to better manage cybersecurity risks.”

The tool that we are seeing most prominently to succeed the CAT is the Cyber Risk Institute’s CRI Profile. This tool is based on the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) 2.0. The CRI Profile was developed specifically with financial institutions in mind, including additional considerations such as core processing, online/mobile banking, and third-party risk management.

This decision signals a coordinated, whole-of-government effort to enhance security and resilience across all critical infrastructure sectors, including finance. This shift encourages institutions to move from proprietary assessment tools to nationally recognized standards.

New Reference Point: NIST CSF

The NIST Cybersecurity Framework is a set of cybersecurity practices for IT, prioritized for risk reduction. While the CSF is applicable across all critical infrastructure sectors, other frameworks such as the CRI Profile and the upcoming CISA CPGs for financial services have adapted it to align with the regulatory requirements of the financial sector.

For small and midsize institutions with limited resources, a prioritized baseline for cybersecurity is invaluable. The NIST CSF helps cut through complex control lists and guide leadership to focus on the most effective actions first. The outcomes in the framework form a security baseline, representing the essential practices every critical infrastructure entity should adopt. NIST based these outcomes on their demonstrated ability to reduce risk from the most significant and frequent threats.

By establishing this foundational baseline, institutions can ensure they have addressed their most pressing information security threats. The next step is to integrate this baseline into a more comprehensive program structure, a role filled by the CRI Profile.

Building a Mature Program: The CRI Profile

While the CPGs offer immediate, actionable steps, the CRI Profile, based heavily on the NIST CSF 2.0, provides the full structure needed to create a sustainable, risk-based cybersecurity program that addresses both operational and strategic needs.

  • Holistic Risk Management: The CRI Profile provides guidance and a taxonomy of high-level cybersecurity outcomes applicable to any organization, regardless of its size, sector, or maturity. Organizations can leverage the CRI Profile to build a holistic risk management program.
  • The Seven Functions: The CRI Profile Core is organized into seven functions, as depicted in Fig. 1.
  • Resources for Smaller Organizations: The CRI Profile includes features emphasizing governance and supply chains. Critically for CFIs, the Cyber Risk Institute provides a Guidebook that distills specific portions of the Profile into actionable “first steps” to help ensure the Profile is relevant and readily accessible to smaller organizations.
  • Mapping: Every security practice in the Profile is mapped to a corresponding subcategory in the NIST CSF. This helps to provide assurance that the practices are mature and peer-reviewed by cybersecurity professionals across all industries.

Source: The NIST Cybersecurity Framework (CSF) 2.0

Other Applicable Resources

In addition to the NIST CSF and CRI Profile, supervised financial institutions may also use industry-developed tools like the CISA CPGs or CIS Security Controls.

Community financial institutions must ensure their self-assessment tool supports an effective control environment and matches their risk. Standardized tools can help with self-assessments, but FFIEC members focus on a risk-based approach during examinations. As cyber threats evolve, examiners may review areas not covered by all tools.

Aligning with the FFIEC Audit Framework, the following table maps key FFIEC audit expectations to the specific solutions provided by this integrated framework approach.

Aligning with new frameworks proves the transition from the CAT is not a break from FFIEC principles, but a deeper commitment to them using more effective tools. This change helps build a defensible cybersecurity program grounded in the same language and standards as expected by regulators. Adopting these frameworks is a strategic step to reduce risk and improve governance across the institution.

Moving Beyond Compliance to Resilience

The withdrawal of the FFIEC CAT marks a pivotal and positive development for community financial institutions. This change empowers organizations to employ tools that are actively maintained and more aligned with the modern threat landscape.

Young & Associates offers IT audit expertise to help financial institutions navigate the transition from the FFIEC CAT. Our team supports effective control assessments and alignment with current regulatory frameworks to strengthen cybersecurity programs and governance. Reach out today to have our experts help your institution navigate this change.

What alternative data can be used to determine creditworthiness?

By Alex Heavner; Credit Analyst, Y&A Credit Services

It is no surprise that building your credit is much more difficult than destroying it. Experts estimate that around 45 million Americans do not even have a credit score.

This group includes approximately 26 million individuals who are credit invisible — those without a credit history at the three major credit bureaus — and 19 million with thin or unscorable credit files.

Traditionally, lenders rely on credit reports, utilization, and the length of credit history to assess creditworthiness.

With the digital boom of the 2010s, fintech companies pioneered the use of alternative data to bring more borrowers into the financial mainstream.

These efforts aim to provide more inclusive, real-time insights into a borrower’s ability and willingness to repay debt.


Types of Alternative Data Being Used

Modern lenders and data aggregators have found several non-traditional data sources that can indicate creditworthiness, including:

  • Rent payments: On-time rent payments are one of the strongest indicators of financial responsibility for consumers without mortgage histories. Services like RentTrack and LevelCredit report rent payments to bureaus.
  • Utility and telecom bills: Payment histories on water, electric, gas, and mobile phone bills can show how consistently a consumer meets financial obligations.
  • Subscription services: Through services like Experian Boost, payments for Netflix, Hulu, or other recurring subscriptions can be used to strengthen a credit file.
  • Bank transaction data: Analyzing income deposits, recurring bills, and cash flow from checking and savings accounts can provide insight into the financial stability of a borrower. This is especially common in open banking models enabled by APIs like Plaid or MX.
  • Employment and education history: Certain alternative scoring models, particularly those used internationally or by startups, incorporate job stability, industry, education level, and professional certifications as proxies for future income and repayment capacity.
  • Social media and behavioral data: Though controversial, some experimental models have assessed consistency in online behavior, device usage, or even language patterns on social platforms to infer risk. These models are rare in the U.S. due to privacy and regulatory concerns.
  • Insurance, rent-to-own, and payday loan history: Nontraditional financial products may also yield data that can supplement thin files—though care must be taken to avoid perpetuating high-risk lending patterns.

Benefits of Using Alternative Data

  • Expanded access to credit for the underbanked and credit invisible.
  • More frequent updates, allowing real-time assessments of financial health.
  • Better risk segmentation, especially in conjunction with traditional models.
  • Potential for compliance with fair lending laws, provided models are explainable and data is obtained with consumer consent.

Risks and Considerations

  • Data privacy and consent: Consumers must opt-in for certain data types, especially bank transactions or subscription history.
  • Model explainability: Lenders must be able to explain adverse actions to borrowers under the Equal Credit Opportunity Act (ECOA).
  • Regulatory scrutiny: The Consumer Financial Protection Bureau (CFPB) and Federal Reserve have emphasized the need for fairness, transparency, and non-discrimination in alternative credit scoring.

Recommendations for Community Banks and Credit Unions

Implementing alternative credit scoring models can be a powerful tool for enhancing financial inclusion and capturing underserved market segments.

Key steps for smaller financial institutions to get started:

1. Start with Rental and Utility Data

Partner with vendors like LevelCredit, RentTrack, or Esusu that provide verifiable and reportable alternative payment data. This low-barrier entry point can help expand lending to young renters and non-homeowners.

2. Use Bank Transaction Data Through Open Banking APIs

Explore partnerships with fintech enablers like Plaid, Finicity, or MX to pull real-time checking and savings account data with customer permission. This can enable cash flow underwriting for small personal loans, credit cards, or small business loans.

3. Integrate Alternative Data into Manual Underwriting

For institutions not ready to adopt full alternative scoring models, underwriters can begin using rent, utility, and bank statement data in exception-based decisions or as compensating factors for borderline credit files.

4. Educate Members and Borrowers

Create marketing and financial education campaigns to inform customers that their rent and utility payments can now help them qualify for loans. Transparency builds trust and increases opt-in rates.

5. Conduct a Pilot Program

Select a product line—such as personal loans under $5,000—and test alternative data scoring on a small scale. Use internal benchmarking to assess default rates, borrower satisfaction, and ROI.

6. Ensure Regulatory Compliance

Collaborate with compliance and legal teams to ensure that all alternative data use complies with the Fair Credit Reporting Act (FCRA), ECOA, and other applicable laws. Use only consumer-permissioned data and ensure you maintain fair lending oversight.

7. Use Hybrid Scoring Models

Adopt tools that integrate both traditional credit data and alternative data into a single risk model. This provides a more holistic picture and improves risk segmentation without abandoning conventional risk management practices.

8. Leverage CUSOs or Vendor Partnerships

If your internal resources are limited, work through a Credit Union Service Organization (CUSO) or regional banking associations to access shared vendor resources or deploy collaborative technology.

Conclusion

The use of alternative data in credit decisioning is not just a fintech trend — it’s a necessary evolution to ensure equitable access to financial services. For community banks and credit unions, embracing these tools can unlock new markets, reduce reliance on traditional credit bureaus, and offer tailored credit options for the next generation of borrowers.

By starting small and building a compliant, transparent framework, these institutions can stay competitive and deepen member relationships, all while continuing to serve their core mission of supporting community growth.

Why policy management is a strategic advantage for financial institutions

By Karen Hevesi; Education & Products Manager, Young & Associates

In today’s financial landscape, policy management is more than a compliance exercise; it’s a strategic necessity. As regulations evolve, technology reshapes operations and risk profiles grow more complex, financial institutions must adopt a robust and transparent policy framework. Poorly managed policies can lead to compliance gaps, operational inefficiencies, and reputational damage.

Why Policy Management Matters

Effective policy management is a dynamic process that requires centralization, regulatory alignment, stakeholder engagement, and integration with risk frameworks. By adopting these best practices, financial institutions can reduce compliance risks, improve operational efficiency, and maintain trust with regulators and customers.

To build a policy management system that withstands pressure, financial institutions should follow best practices that strengthen oversight and support efficient operations.

Policy management is a critical discipline in the financial sector. It shapes how institutions control risk, meet regulatory expectations, and operate with integrity.

Banks, brokers, insurers, credit unions, asset managers, and fintech firms all depend on policies to guide decisions and protect customers. Weak or outdated policies expose the entire organization, while strong, actively managed policies foster structure, consistency, and trust.

Responding to an Evolving Regulatory Environment

Regulatory expectations face pressure because governing rules frequently change. Regulators update guidance, markets shift, and new threats appear without warning. This makes policy management more than a documentation task. It is a full lifecycle process that demands attention, clarity, and coordination across the entire business.

Many financial institutions struggle with policies. Policies should use clear language, follow a logical order, and focus on what employees must do, not just what the law says. Clarity reduces errors, streamlines training and onboarding, and minimizes the back-and-forth that slows daily operations. Without firm policies, financial institutions risk fines, reputational damage, and operational failures.

Clarity and Structure Build Strong Policies

A policy alone has little force unless it translates into real action. Effective policy management links each policy to the procedures and controls that support it. This means mapping not only what must be done, but how it is done and who does it. Integration ensures the institution follows the policies consistently and can prove compliance during audits.

Scattered documents create risk. Employees need confidence that they’re viewing the most current version of a policy when searching for a rule. A centralized, well-organized policy library eliminates uncertainty and helps staff find the information they need fast. It also supports audit trails that track when a policy was revised, who approved it, and what changed.

Training should not end after onboarding. In the financial industry, policy understanding needs constant reinforcement. Best practice combines general compliance training with role-specific instruction that covers the policies most relevant to each team. When policies change, training updates should follow quickly. Short refreshers, case examples, and scenario-based learning help employees apply policies correctly in real conditions. The goal is not just reading but understanding.

Version Control and Ongoing Reviews

Regulators expect full visibility into how and why a policy changes. Every edit, comment, approval, and retirement decision should be documented.

Version control creates a clear historical record that demonstrates responsible policy management. During audits or examinations, this documentation becomes one of the most valuable tools a financial institution can provide.

Policies should be reviewed annually to ensure accuracy, relevance and alignment with current risks. A policy written three years ago might still be correct on paper but completely misaligned in practice. Routine reviews help institutions identify outdated references, process changes, and new vulnerabilities. Testing policies in real-world scenarios strengthens them. For example, a compliance team might walk through how a fraud policy operates during a sudden surge in suspicious activity. Stress tests reveal blind spots before they become incidents.

Adapting Policy Management for the Future

Policies do not live within a single department. Risk, compliance, legal, operations, technology, HR, and business lines all shape how policies work in practice. Collaboration ensures policies align with real workflows and reflect the risks teams face daily. When everyone understands the implications, the policies become stronger and easier to implement.

The financial industry will continue to evolve. Technology advances, new risks emerge, and global regulatory pressure intensifies.

Policy management must keep pace. Institutions that treat policies as strategic assets rather than paperwork protect themselves from compliance failure and operational disruptions. In a competitive financial landscape, trust is an advantage. Strong policy management builds that trust from the inside out. In an era of constant change, policy management remains the foundation of compliance, risk mitigation, and public trust.

How artificial intelligence can transform loan underwriting

By Justin Schray; Credit Analyst, Y&A Credit Services

Artificial Intelligence (AI) has been solving problems and answering complex prompts for decades, but today, its presence is ubiquitous. From internet search engines and social media platforms to classrooms and corporate offices, AI has become embedded in our daily lives. Its potential across industries is immense — but how can it specifically benefit financial institutions, particularly in loan underwriting?

Uses and Potential

Traditional underwriting methods are often inconsistent due to the subjective influence of individual analysts’ opinions and judgments. In contrast, AI employs advanced algorithms and machine learning techniques to assess vast datasets and deliver consistent, policy-aligned decisions.

By automating key processes, AI enables banks and other lenders to provide more personalized and responsive service to both prospective and current clients. Through rapid data analysis, AI can process credit scores, tax returns, employment histories, and more, organizing this information in a way that still adheres to sound risk assessment and forecasting standards. As a result, financial institutions spend significantly less time on manual data entry — potentially reducing loan approval timelines from several weeks to just a few days.

Beyond data collection and efficiency, AI also supports institutions in risk assessment and fraud detection. Machine learning models can identify patterns in historical data and monitor them in real time. This enhanced detection capability allows lenders to address potential issues — whether with an individual borrower or an entire industry — much earlier in the lending process.

In addition to decision-making support, AI tools are now capable of generating automated risk reports, financial spreads, and executive summaries. While risk managers remain in control of final lending decisions, AI expedites the process, enabling more timely and data-informed conclusions.


How can AI be implemented?

For a financial institution to effectively implement AI, it must first identify its own operational inefficiencies or pain points.

AI should be adopted with a clear strategic purpose — not simply because it’s a trending technology.

Four questions institutions must consider:

  • What functions will AI support?
  • Who will have access to AI tools?
  • Do existing policies need to be revised?
  • Is current software infrastructure compatible with AI integration?

Establishing a formal roadmap is essential. This includes selecting use cases, identifying key stakeholders, developing integration timelines, and planning staff training. Leadership must champion this transformation to ensure institutional alignment and accountability.

Once the AI system is tested and rolled out, continuous monitoring becomes critical. Risk managers and analysts should review performance data, offer feedback, and contribute to ongoing model improvements. This feedback loop will refine the AI’s accuracy and effectiveness while enhancing the institution’s ability to mitigate credit and operational risk.

Is it safe?

AI systems are designed to manage and interpret large volumes of data, but maintaining the security and privacy of that data is paramount. Financial institutions bear legal and reputational responsibility for safeguarding customer information, and any breach could lead to serious consequences.

One of AI’s strengths is real-time threat detection. AI tools can detect anomalies, flag suspicious behavior, and allow for swift responses. These systems can also predict potential breaches using historical trends and, if configured appropriately, initiate automated responses—such as isolating compromised systems or blocking malicious content.

The U.S. National Security Agency’s Artificial Intelligence Security Center (AISC) recommends integrating AI-powered security protocols early in the adoption process. According to IBM, the average cost of a data breach in the United States reached $9.36 million in 2024, with 95% of breaches motivated by financial gain. Institutions that employed AI-based security tools reportedly saved an average of $2.2 million per breach—underscoring the value of proactive AI implementation in cybersecurity.

Conclusion

AI offers transformative potential for financial institutions, particularly in loan underwriting. From enhanced decision-making and fraud detection to improved client service and operational efficiency, AI allows lenders to modernize their workflows while minimizing risk. With careful planning, secure implementation, and ongoing evaluation, AI can be a powerful asset in the future of banking and credit services.
